Lucene search

771 matches found

Debian CVE
added 2022/07/26 5:10 a.m., 32 views

CVE-2022-33977

untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the...

CVSS 7.5, AI score 7.5, EPSS 0.02125
Exploits: 0

OSV
added 2022/07/11 1:15 a.m., 1 view

CVE-2022-31516

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

CVSS 9.3, AI score 5.8
Exploits: 0, References: 1

GithubExploit
added 2022/06/30 6:25 p.m., 698 views

Exploit for Uncontrolled Resource Consumption in Quic-Go_Project Quic-Go

QUIC-attacks CVE-2022-30591 The current repository serves t...

CVSS 7.5, AI score 7.6, EPSS 0.151
Exploits: 2

OSV
added 2022/06/24 9:15 p.m., 0 views

CVE-2022-34064

The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

CVSS 9.8, AI score 6.2, EPSS 0.01078
Exploits: 0, References: 2

OSV
added 2022/06/17 11:3 a.m., 2 views

OESA-2022-1710 python-jwt security update

PyJWT is a Python library which allows you to encode and decode JSON Web Tokens (JWT). JWT is an open industry standard (RFC 7519) for representing claims securely between two parties. Security Fixes: PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing...

CVSS 7.5, AI score 6.9, EPSS 0.00422
Exploits: 0, References: 2

OSV
added 2022/06/08 6:15 p.m., 1 view

CVE-2022-30877

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 3

OSV
added 2022/05/31 3:27 p.m., 1 view

CLSA-2022-1654010877 Fixed CVEs in python3: CVE-2022-0391, CVE-2021-4189, CVE-2021-3737

- CVE-2021-3737: urllib: HTTP client possible infinite loop on a 100 Continue response rhbz2036020
- CVE-2021-4189: ftplib should not use the host from the PASV response rhbz2036020
- CVE-2022-0391: urllib.parse does not sanitize URLs containing ASCII newline and tabs rhbz2047376...

CVSS 7.5, AI score 6.8, EPSS 0.01214
Exploits: 2, References: 1

OSV
added 2022/05/24 3:15 p.m., 2 views

DEBIAN-CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

CVSS 7.5, AI score 7.5, EPSS 0.00422
Exploits: 0, References: 1

Github Security Blog
added 2022/05/17 3:2 a.m., 14 views

priority vulnerable to denial of service

An HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

CVSS 7.5, AI score 6.4, EPSS 0.00476
Exploits: 0, References: 6, Affected Software: 1

Mageia
added 2022/05/15 10:6 a.m., 19 views

Updated python-nbxmpp packages fix security vulnerability

Missing input sanitising in python-nbxmpp, a Jabber/XMPP Python library, could result in denial of service in clients based on it such as Gajim...

CVSS 7.5, AI score 2.9, EPSS 0.00808
Exploits: 1, References: 2

vulnersOsv
added 2022/05/13 1:42 a.m., 1 view

abtests (>=0.0.1 <=0.0.2.1), adjsim (>=2.0.0 <=2.1.0) +108 more potentially affected by CVE-2017-12852 via numpy (>=1.10.0 <=1.13.1)

numpy PYPI version =1.10.0, =0.0.1, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =1.0.2 - cami-opal =0.2.5 and more Source cves: CVE-2017-12852 Source advisory: OSV:GHSA-FRGW-FGH6-9G52...

CVSS 7.5, AI score 6.8, EPSS 0.00808
Exploits: 1

vulnersOsv
added 2022/05/13 1:6 a.m., 1 view

0x-web3 (=5.0.0a5), a2grunnerp (>=0.1.0 <=0.1.8) +4118 more potentially affected by CVE-2015-5237 via protobuf (>=2.6.0 <=3.3.0)

protobuf PYPI version =2.6.0, =0.1.0, =0.1.0, =0.1.6, =1.0.2, =0.0.1b1, =0.2.5, =0.1.0, =1.0.0, =1.0.6 - academic-emotion =0.1.2 and more Source cves: CVE-2015-5237 Source advisory: OSV:GHSA-JWVW-V7C5-M82H...

CVSS 8.8, AI score 6.7, EPSS 0.00763
Exploits: 0

Kitploit
added 2022/05/06 9:30 p.m., 323 views

Email-Prediction-Asterisks - Script That Allows You To Identify The Emails Hidden Behind Asterisks

Email prediction asterisks is a script that allows you to identify the emails hidden behind asterisks. It is a perfect application for osint analysts and security forces. It allows to intelligently predict, using Intelx leaks, which emails are related to the person we are looking for. It also...

AI score 7
Exploits: 0, References: 1

RedHat Linux
added 2022/05/05 7:56 a.m., 3 views

python-rsa: bleichenbacher timing oracle attack against RSA decryption

A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality...

CVSS 7.5, AI score 7.3, EPSS 0.00144
Exploits: 1, References: 5

OSV
added 2022/05/04 10:15 p.m., 1 view

UBUNTU-CVE-2022-30284

DISPUTED In the python-libnmap package through 0.7.2 for Python, remote command execution can occur if used in a client application that does not validate arguments. NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that...

CVSS 9.8, AI score 7.4, EPSS 0.14208
Exploits: 1, References: 5

Kitploit
added 2022/04/30 12:30 p.m., 199 views

Requests-Ip-Rotator - A Python Library To Utilize AWS API Gateway's Large IP Pool As A Proxy To Generate Pseudo-Infinite IPs For Web Scraping And Brute Forcing

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. This library will allow the user to bypass IP-based rate-limits for sites and services. X-Forwarded-For headers are automatically randomised and applied unles...

AI score 7.3
Exploits: 0, References: 3

vulnersOsv
added 2022/04/18 7:15 p.m., 0 views

addpage (=0.2.0), amazon-textract-helper (>=0.0.2 <=0.0.30) +88 more potentially affected by CVE-2022-24859 via pypdf2 (>=1.24.0 <=1.27.12)

pypdf2 PYPI version =1.24.0, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =0.1.1, =0.1.1, =0.2.0, =0.1.0, =0.0.1, =1.1.0, =0.9.0, =1.0.0, =2.0.0 - dftimewolf =20200608.0.0a0 and more Source cves: CVE-2022-24859 Source advisory: OSV:PYSEC-2022-194...

CVSS 6.2, AI score 6.3, EPSS 0.00127
Exploits: 1

OSV
added 2022/04/10 9:15 p.m., 1 view

CVE-2022-27271

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet...

CVSS 9.8, AI score 6.3, EPSS 0.01345
Exploits: 1, References: 2

ATTACKERKB
added 2022/04/10 9:15 p.m., 0 views

CVE-2022-27271

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet...

CVSS 9.8, AI score 6.5, EPSS 0.01345
Exploits: 1, References: 4

Positive Technologies
added 2022/04/10 12:0 a.m., 3 views

PT-2022-18345 · Inhand Networks · Inrouter 900

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 Description: The issue is related to a remote code execution vulnerability triggered by a crafted packet via the python-lib component. Recommendations: For...

CVSS 9.8, AI score 9.6, EPSS 0.01345
Exploits: 1, References: 4